summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-24 23:26:37 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-24 23:26:37 +0100
commitc35327fd05b3f06916afe4a5b5fbedc9648a2e08 (patch)
treedff94f4319a60132691ed0181c32d294e473f2b2 /system/core/Security.php
parent44930554e0a47027b136abf2904825cab53f965f (diff)
parent2b284f9b171ba0e0886db15772a6a62e9155f74f (diff)
Merge branch 'develop' into feature/user-guide-cleanup
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index d6356f869..49e5ab411 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -69,7 +69,9 @@ class CI_Security {
public $html5_entities = array(
'&colon;' => ':',
'&lpar;' => '(',
- '&rpar;' => ')'
+ '&rpar;' => ')',
+ '&newline;' => "\n",
+ '&tab;' => "\t"
);
/**
@@ -467,7 +469,7 @@ class CI_Security {
* So this: <blink>
* Becomes: &lt;blink&gt;
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|svg|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
@@ -660,7 +662,7 @@ class CI_Security {
protected function _remove_evil_attributes($str, $is_image)
{
// Formaction, style, and xmlns
- $evil_attributes = array('style', 'xmlns', 'formaction');
+ $evil_attributes = array('style', 'xmlns', 'formaction', 'form', 'xlink:href');
if ($is_image === TRUE)
{